Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 27 subscribers
  • Views 8189 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG 105 slowing down throughput

Daan

Recently I purchased an XG 105 firewall to place in my dataroom. The device is installed in bridge mode. 

When I bypass the device, I reach speeds of 30 MB/sec (on a 1 Gbit/sec connection)

When the traffic is going of the XG 105 in bridge mode, speeds are usually between 5 MB/sec and 8 MB/sec.

The traffic that is being generated at that point in time is VEEAM traffic.

I have checked the switchports, but not a single input nor output error is detected, so that seems to be OK.

 

At first I thought it might be due to IPS or application detection, so I created a separate firewall rule that allows the VEEAM traffic and not do any kind of IPS or scanning on this traffic. You can see the amount of GB's increased on this particular firewall rule, so I'm pretty sure the right one is hit. 

But despite this rule, still my speeds are much slower compared to when I don't have the Sophos XG 105 in between.

The CPU is around 30% when the traffic is flowing, and memory usage around 80%, normal values I presume.

 

Is there anybody who could give me some pointers about why traffic is so much slower when passing through the XG firewall?

 

Thank you!



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    while you are not using a specific IPS rule in your firewall rule, you need to disable all IPS settings then start re-enabling them to see which ones you need to modify.

    Please post a screen shot of your IPS page.

    Ian

  • 0 in reply to rfcat_vk

    Hi Ian,

    Thanks for your reply.

    Please see a screenshot of the IPS rules

    1. The VPN Bypass rule I created with a certain source and destination range that identifies the IP ranges used for VEEAM replication. As you can see I disabled all features for this rule

    2. Block ports is just blocking certain incoming ports I want blocked for all servers

    3. My Lan to Wan policy which is very standard, allowing every but scanning traffic for virus and allow all applications

    4. My Wan to lan policy which is also standard, allow all applications and having IPS enabled

    Below you can find the overview of all IPS rules that are currently enabled for Wan to lan 

Reply
  • 0 in reply to rfcat_vk

    Hi Ian,

    Thanks for your reply.

    Please see a screenshot of the IPS rules

    1. The VPN Bypass rule I created with a certain source and destination range that identifies the IP ranges used for VEEAM replication. As you can see I disabled all features for this rule

    2. Block ports is just blocking certain incoming ports I want blocked for all servers

    3. My Lan to Wan policy which is very standard, allowing every but scanning traffic for virus and allow all applications

    4. My Wan to lan policy which is also standard, allow all applications and having IPS enabled

    Below you can find the overview of all IPS rules that are currently enabled for Wan to lan 

Children
No Data